Sometimes the world of bitcoin seems lawless. All too frequently, we hear stories of heists, broken-into exchanges, and more.
This time around, the victim is bitcoin poker website named “Seals With Clubs’. The service admitted their database had been compromised, but according to CoinDesk, failed to mention that private information of users were intercepted; to the tune of 42,020 individually hashed passwords.
Seals With Clubs used SHA1 has functions to protect sensitive information, but it was doing just that. SHA1 is outdate and should not be touched with a ten-foot pole.
A user then posted the hashed passwords on a web forum and asked for them to be cracked for $20 in bitcoins per 1000 unique passwords. Two-thirds of the list were cracked by the next day.
A statement from Seals With Clubs:
The datacenter that we employed up to November permitted unauthorized access to a database server and our database containing user credentials was likely compromised. Passwords were salted and hashed per user, but to be safe every user MUST change their password when they next log in.
The service says they are working to improve security conditions to prevent this from happening moving forward.